CVE-2018-2379
In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.
Source: CVE-2018-2379
[월:] 2018년 02월
CVE-2018-2371
CVE-2018-2371
The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.
Source: CVE-2018-2371
CVE-2018-2381
CVE-2018-2381
SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Source: CVE-2018-2381
CVE-2018-2373
CVE-2018-2373
Under certain circumstances, a specific endpoint of the Controller’s API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.
Source: CVE-2018-2373
CVE-2018-2374
CVE-2018-2374
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.
Source: CVE-2018-2374
CVE-2018-2375
CVE-2018-2375
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
Source: CVE-2018-2375
CVE-2018-2376
CVE-2018-2376
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
Source: CVE-2018-2376
CVE-2018-2377
CVE-2018-2377
In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users.
Source: CVE-2018-2377
CVE-2018-2378
CVE-2018-2378
In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.
Source: CVE-2018-2378
CVE-2018-2372
CVE-2018-2372
A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.
Source: CVE-2018-2372